05: How are DRIVE MAPS and UNC paths supported in PolicyPak Least Privilege Manager?

First, let’s start with UNC paths.
UNC Paths:

  • UNC Paths are supported and honored.
  • Note that the same UNC target could have different names, for instance\\fabrikam\share,\\fabrikam.com\shareor\\192.168.2.10\sharemight all point the exact same place.
  • Each rule name is evaluated differently.
  • Therefore, as an example… to make your UNC rules, you would need to cover all the bases:
    • A rule could be for\\fabrikam\Sharewhich will work, but…
    • You would also need a rule for\\fabrikam.com\Shareand also if desired…
    • You would need a rule for\\192.168.2.10\share….

Tip:If you want to elevate all files in\\SERVER\Shareyou must useTARGET = FOLDER(see screenshot below.)
But if you want to elevate all files in\\Server\ShareAND all files in any subfolders (\\Server\Share\Subfolder1,\\Server\Share\Subfolder2, etc.) then you must specifyTARGET = FOLDER (recursive)(see screenshot below.)

Drive Maps:

  • Think of drive maps like “shortcuts” which map to existing UNC paths. So, S: is really a map to\\fabrikam\share,\\fabrikam.com\shareor\\192.168.2.10\share
  • You don’t need to make any explicit “Drive map” rules. So, don’t elevate “S:” in PolicyPakLeast Privilege Manager. That is incorrect syntax.
  • Instead, you would make a UNC path rule for what S: is really pointing to.
  • So, for instance, if you want to elevate all files in S: (which is mapping to\\fabrikam.com\share) , that’s fine:
    • You don’t need to have a PolicyPak Least Privilege Manager rule to “Elevate S:”.
    • You DO need to have a PolicyPak Least Privilege Manager rule to “Elevate\\fabrikam.com\share” and select Folder or Folder (Recursive) as shown here.

  • 171
  • 26-Mar-2019
  • 159 Views